Description
These commands let you configure internal behavior of the Clustering Mechanism.
Important - We do not recommend that you run these commands. These commands must be run automatically only by the Security Gateway or the Check Point Support. The only exception to this rule is to changing the CCP mode, as described below. |
|
|
Important - You must configure all the Cluster Members in the same way. |
|
|
Syntax
Notes:
Enter set cluster
and press <ESC><ESC>
to see all the available commands.
Run the cphaconf
command to see all the available commands.
Note - You can run the cphaconf
commands only from the Expert mode.
Enclose a list of available commands or parameters, separated by the vertical bar |, from which user can enter only one.
Enclose a variable - a supported value user needs to specify explicitly.
Enclose an optional command or parameter, which user can also enter.
The meaning of each command is explained in the next sections.
Description |
Command in |
Command in |
set cluster member idmode id name |
cphaconf mem_id_mode id name |
|
Register a single Critical Device (Pnote) on the Cluster Member |
|
|
Unregister a single Critical Device (Pnote) on the Cluster Member |
|
|
Report (change) a state in a single Critical Device (Pnote) on the Cluster Member |
|
|
Register several Critical Devices (Pnotes) from a file on the Cluster Member |
|
|
Unregister all Critical Devices (Pnotes) on the Cluster Member |
|
|
Configure the Cluster Control Protocol (CCP) mode on the Cluster Member |
set cluster member ccp auto broadcast multicast unicast |
cphaconf set_ccp auto unicast multicast broadcast |
Configure the Cluster Control Protocol (CCP) Encryption on the Cluster Member |
|
|
Configure the Cluster Forwarding Layer on the Cluster Member (controls the forwarding of traffic between Cluster Members) Note - For Check Point use only. |
set cluster member forwarding on off |
cphaconf forward on off |
Print the current cluster configuration as loaded in the kernel on the Cluster Member (for details, see sk93306) |
|
|
Start internal failover between slave interfaces of specified bond interface - only in Bond High Availability mode (for details, see sk93306) |
|
|
Configure what happens during a failover after a Bond already failed over internally (for details, see sk93306) |
|
|
set cluster member admin down up |
clusterXL_admin down up |
List of the Gaia Clish set cluster member
commands
set cluster member admin down up ccp auto broadcast multicast unicast forwarding off on idmode id name |
List of the cphaconf
commands
Note - Some commands are not applicable to 3rd party clusters.
cphaconf [-D] [-c <Cluster Size>] [-i <Member ID>] [-n <Cluster ID>] [-p <Policy ID>] [-m {1|service} | {2|balance} | {3|primary-up} | {4|active-up}] [-R a | <Number of Required IF>] [-t <Sync IF 1>...] [-d <Non-Monitored IF 1>...] [-M {0|multicast} | {1|pivot}] [-l <Cluster Failover Track Mode 0-7>] [-M multicast|pivot] [-N <MAC Magic value>] [-u <Member_Name1,Member_Name2,...>] start
cphaconf stop
cphaconf [-t <Sync IF 1>...] [-d <Non-Monitored IF 1>...] add
cphaconf clear-secured
cphaconf clear-non-monitored
cphaconf set_ccp {auto|unicast|multicast|broadcast}
cphaconf debug_data
cphaconf delete_link_local [-vs <VSID>] <IF name>
cphaconf set_link_local [-vs <VSID>] <IF name> <Cluster IP>
cphaconf mem_id_mode {id | name}
cphaconf failover_bond <bond_name>
cphaconf [-s] {set|unset|get} var <Kernel Parameter Name> [<Value>]
cphaconf set_pnote -d <Device> -t <Timeout in sec> -s {ok|init|problem} [-p] [-g] register
cphaconf set_pnote -f <File> [-g] register
cphaconf set_pnote -d <Device> [-p] [-g] unregister
cphaconf set_pnote -a [-g] unregister
cphaconf set_pnote -d <Device> -s {ok|init|problem} [-g] report
cphaconf ccp_encrypt {on | off}
cphaconf ccp_encrypt_key <Key String> |